I was looking through the code base and noticed that within the Connection object that gets passed to the Client constructor we're specific about not requiring identity verification when making the connection to the database.
It got me thinking about some of the security aspects of the backend like implementing HTTPS and using Helmet to secure the HTTP headers.
1) Implementing HTTPS for the backend (using the node https module)
1.1) Key and Certification generation will be required
1.2) A Certification Authority so that the non-self serving certificate can be generated
2) Implementing Helmet as a dependency to secure the HTTP headers
2.1) Forces HTTPS on all requests, even in the event of inadvertent HTTP re-direct requests
2.2) Provides additional security benefits unrelated to HTTPS
Let me know what you think.
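An added example of the two proposals in the issue above, not code from the issue or from the project: an HTTPS listener built on the node `https` module, a plain-HTTP listener that only redirects, and response headers set by hand as a stand-in for a few of the headers Helmet manages. The host name, ports, file paths, header values and the function names `secureHandler` and `startServers` are assumptions.

```javascript
// Header values are chosen for this example; Helmet's own defaults vary by version.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
};

// Wrap the application's request handler.
// Plain-HTTP requests never reach the app: they get a permanent redirect to the
// configured HTTPS origin. The client-supplied Host header is ignored so the
// redirect target cannot be steered by the request.
function secureHandler(app, { host, httpsPort = 443 }) {
  const origin = `https://${host}${httpsPort === 443 ? '' : `:${httpsPort}`}`;
  return (req, res) => {
    if (!req.socket.encrypted) {
      res.writeHead(308, { Location: origin + req.url });
      return res.end();
    }
    // HSTS is only honoured by browsers when it arrives over HTTPS.
    for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
      res.setHeader(name, value);
    }
    return app(req, res);
  };
}

// Start both listeners. keyPath and certPath are hypothetical paths to the
// PEM private key and the CA-issued certificate from steps 1.1 and 1.2.
async function startServers(app, { host, keyPath, certPath, httpPort = 8080, httpsPort = 8443 }) {
  const [http, https, fs] = await Promise.all([
    import('node:http'), import('node:https'), import('node:fs'),
  ]);
  const handler = secureHandler(app, { host, httpsPort });
  const tls = { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
  return {
    https: https.createServer(tls, handler).listen(httpsPort),
    http: http.createServer(handler).listen(httpPort), // exists only to redirect
  };
}
```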